What's new in Active Directory Domain Services in Server 2012

Microsoft Windows Server 2012 was released on September 4, 2012, and Server 2012 was released in 2013. Microsoft improves existing features and adds new features and functionality in every release of Windows Server. In this article we discuss the new features and the improvements to existing features in Active Directory Domain Services in Microsoft Windows Server 2012 and Server 2012 R2.


  1. Workplace Join - Allows a user to associate their personal device with the company directory.

  2. Web Application Proxy - Provides access to web applications using a new Remote Access role service. Web Application Proxy “provides reverse proxy functionality for web applications inside your corporate network to allow users on any device to access them from outside the corporate network.”

  1. Active Directory Federation Services - AD FS has simplified deployment and improvements to enable users to access resources from personal devices and help IT departments manage access control.

  2. SPN and UPN uniqueness - Domain Controllers running Windows Server 2012 R2 block the creation of duplicate service principal names (SPNs) and user principal names (UPNs).

  3. Winlogon Automatic Restart Sign-On (ARSO) - Enables lock screen applications to be restarted and available on Windows 8.1 devices.

  4. TPM Key Attestation - Enables CAs to cryptographically attest in an issued certificate that the certificate requester's private key is actually protected by a Trusted Platform Module (TPM).

  5. Credentials Protection and Management - New credential protection and domain authentication controls to reduce credential theft.

  6. Deprecation of File Replication Service (FRS) - The Windows Server 2003 domain functional level is also deprecated because, at that functional level, FRS is used to replicate SYSVOL. That means when you create a new domain on a server that runs Windows Server 2012 R2, the domain functional level must be Windows Server 2008 or newer. You can still add a domain controller that runs Windows Server 2012 R2 to an existing domain that has a Windows Server 2003 domain functional level; you just can’t create a new domain at that level.

  7. New domain and forest functional levels - There are new functional levels for Windows Server 2012 R2. New features are available at Windows Server 2012 R2 DFL.

  8. LDAP query optimizer changes - Performance improvement in LDAP search efficiency and LDAP search time of complex queries.

  9. 1644 Event improvements - LDAP search result statistics were added to event ID 1644 to aid in troubleshooting.

  10. Active Directory replication throughput improvement - Adjusts the maximum AD Replication throughput from 40 Mbps to around 600 Mbps.
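
The SPN and UPN uniqueness item above describes domain controllers blocking the creation of duplicates; a practical companion is an audit of values already present in the directory. The following is an added example, not code from the article or from Microsoft: the function name `Find-DuplicatePrincipalName`, the sample objects and the `corp.example` domain are hypothetical, and it assumes SPN and UPN values are compared case-insensitively.

```powershell
# Added example (not from the article): list SPN/UPN values held by more than one object.
function Find-DuplicatePrincipalName {
    param([Parameter(Mandatory)][object[]]$DirectoryObject)

    $holders = @{}   # @{} hashtables match string keys case-insensitively (assumed AD behaviour too)
    foreach ($obj in $DirectoryObject) {
        $values = @()
        foreach ($spn in @($obj.servicePrincipalName)) {
            if ($spn) { $values += "SPN:$($spn.Trim())" }
        }
        if ($obj.userPrincipalName) { $values += "UPN:$($obj.userPrincipalName.Trim())" }

        foreach ($value in $values) {
            if (-not $holders.ContainsKey($value)) {
                $holders[$value] = New-Object 'System.Collections.Generic.List[string]'
            }
            if (-not $holders[$value].Contains($obj.DistinguishedName)) {
                $holders[$value].Add($obj.DistinguishedName)
            }
        }
    }

    foreach ($key in $holders.Keys) {
        if ($holders[$key].Count -gt 1) {
            $type, $name = $key -split ':', 2   # split once; SPNs may carry a ":port" suffix
            [pscustomobject]@{ Type = $type; Value = $name; Holders = $holders[$key] -join ' | ' }
        }
    }
}

# Constructed sample objects (hypothetical names in a made-up corp.example domain).
$sample = @(
    [pscustomobject]@{ DistinguishedName = 'CN=svc-sql,OU=Service,DC=corp,DC=example'
                       servicePrincipalName = @('MSSQLSvc/sql01.corp.example:1433')
                       userPrincipalName = 'svc-sql@corp.example' }
    [pscustomobject]@{ DistinguishedName = 'CN=SQL01,OU=Servers,DC=corp,DC=example'
                       servicePrincipalName = @('HOST/sql01.corp.example', 'mssqlsvc/SQL01.corp.example:1433')
                       userPrincipalName = $null }
    [pscustomobject]@{ DistinguishedName = 'CN=J Doe,OU=Staff,DC=corp,DC=example'
                       servicePrincipalName = @()
                       userPrincipalName = 'jdoe@corp.example' }
    [pscustomobject]@{ DistinguishedName = 'CN=Jane Doe,OU=Contractors,DC=corp,DC=example'
                       servicePrincipalName = @()
                       userPrincipalName = 'JDoe@corp.example' }
)
Find-DuplicatePrincipalName -DirectoryObject $sample | Format-List

# Against a live domain (ActiveDirectory module), feed it instead with:
# Get-ADObject -LDAPFilter '(|(servicePrincipalName=*)(userPrincipalName=*))' -Properties servicePrincipalName, userPrincipalName
```

On the constructed sample it reports the SQL SPN shared by the service account and the computer object, and the UPN shared by the two user objects that differ only in letter case.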


  1. Dynamic Access Control - New claims-based authorization platform that enhances the legacy access control model.

  2. DirectAccess Offline Domain Join - Extends offline domain-join by including DirectAccess prerequisites.

  3. Active Directory Federation Services (AD FS) - Adds role install via Server Manager, simplified trust-setup, automatic trust management, SAML-protocol support, and more.

  4. Windows PowerShell History Viewer - Allows administrators to view the Windows PowerShell commands executed when using ADAC.

  5. Active Directory Recycle Bin User Interface - The Recycle Bin feature was originally introduced in Windows Server 2008 R2. In this edition, Active Directory Administrative Center (ADAC) adds GUI management of the Recycle Bin.

  6. Fine-Grained Password Policy User Interface - ADAC adds GUI support for creating, editing and assigning PSOs, which were originally added in Windows Server 2008.

  7. Active Directory Replication and Topology Windows PowerShell cmdlets - Supports the creation and management of Active Directory sites, site-links, connection objects, and more using Windows PowerShell.

  8. Active Directory Based Activation (AD BA) -

  9. Group Managed Service Accounts (gMSA)


  1. Adprep.exe integration into the AD DS installation process

  2. The AD DS server role installation, which is built on Windows PowerShell and can be run remotely on multiple servers

  3. Prerequisite validation in the AD DS Configuration Wizard. Identifies potential errors before the installation begins. You can correct error conditions before they occur without the concerns that result from a partially complete upgrade.

  4. Configuration pages grouped in a sequence that mirror the requirements of the most common promotion options, with related options grouped in fewer wizard pages.

  5. A wizard that exports a Windows PowerShell script that contains all the options that were specified during the graphical installation